How Important Is a Qualified Electronic Signature?

Qualified Electronic Signatures

What goes into making a qualified electronic signature (QES), well, qualified? And how does it differ from an advanced electronic signature? In an increasingly digital world of business, electronic signatures, and all of the security assurances that come with them, are critical.

In this article, we detail how qualified electronic signatures work, how advanced electronic signatures work, why they matter and how to introduce them into your organisation at scale with digital signing software.

What is a qualified electronic signature (QES)?

A qualified electronic signature (QES) is the most secure type of electronic signature. It is legally equivalent to a handwritten signature. It is backed up by a unique certificate that proves its validity beyond a shadow of a doubt.

Using a QES, companies and institutions can prove their identity in electronic data transactions, e.g., legal transactions on the Internet, as well as part of other agreements.

What is an advanced electronic signature (AES)?

An advanced electronic signature is the second highest level of electronic signature that holds legal validity and is considered more secure and trustworthy than a basic electronic signature. It is used in electronic transactions and agreements to authenticate the identity of the signer and ensure the integrity of the signed document.

What is an advanced electronic signature and a qualified electronic signature?

The qualified electronic signature is the type of signature that enjoys the highest legal guarantees and is therefore the most appropriate for signing any contract, document or transaction that requires such guarantees. The advanced electronic signature can be made with different technologies, such as biometric signatures or digital certificates, and offers the next highest level of legal guarantees.

Is a qualified electronic signature legally binding in the UK?

In the UK, qualified electronic signatures are also considered compliant and legally binding. It's important to note, though, that electronic signatures are only as strong as the source that issues them.

Expanding out to the EU, as per Art. 25 (2) of the eIDAS Regulation, qualified electronic signatures apply to all member states.


What requirements do qualified electronic signatures need to meet?

The eIDAS Regulation has set out the following requirements for qualified electronic signatures:

  • It is uniquely assigned to signers.

  • It enables the signatory to be identified without any doubt.

  • It is created using a qualified electronic signature creation device.

  • It is designed in such a way that any subsequent change to the data in the signature can be detected.

  • It is based on a qualified certificate for electronic signatures.

What does a qualified electronic signature look like in practice?

Qualified and advanced electronic signatures are identical on their face and from a technical perspective. That said, in the case of a QES, the identity of the signee is additionally guaranteed by the recognised certification service that issues the qualified signature.

So, while they may appear the same, a QES comes with an additional level of security.


How does qualified electronic signature encryption work?

In practice, a qualified electronic signature involves the signee being assigned a private signature key that is protected by strong cryptography. A signature created with this private key can only be checked with the public key that uniquely matches it. The qualified certificate of the trust service provider ties this key pair to the identity of the person signing.

Can qualified electronic signatures be used in an email?

Essentially, a qualified electronic signature is equivalent to its handwritten counterpart. Anything you might sign physically, you could sign with a QES.

With that in mind, it also means that things like emails don’t fall under their umbrella, as you wouldn’t be able to physically sign an email, for instance.

Digital signatures, sometimes found in e-mails, are more comparable to a wax seal. They can prove whether an email was really sent by a specific sender or whether its contents were manipulated.

Certain systems are able to check the signature of an e-mail and the qualified signed documents in the email attachment for incoming emails.

How do you ‘verify’ a qualified electronic signature?

To check the validity of the qualified electronic signature, the addressees must track who the document originated from and ensure that its content has not been changed. When a document is signed, the recipient receives the electronically signed document together with a public key.

The enclosed public key can be used to check the transmitted electronic signature. If the signature created with the sender’s private key matches the public key, the signed document has been transmitted unchanged.
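
The signing and verification steps described above, as an added example using the openssl command-line tool (not code from Personio or from a trust service provider). The key, the document and the self-signed test certificate are constructed stand-ins for a signature card and a qualified certificate, so the example shows the cryptographic check only, not the identity check a trust service provider performs.

```shell
#!/bin/sh
# Added illustration: constructed key, certificate and document (not a real QES).
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Signer side: a private key plus a certificate that binds the matching public
# key to a name. A self-signed test certificate stands in for a qualified one.
make_signer() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Constructed Signer" \
    -keyout "$WORK/signer.key" -out "$WORK/signer.crt" 2>/dev/null
}

# Sign: hash the document with SHA-256, then sign the hash with the private key.
sign_doc() {    # $1 = document, $2 = signature file to write
  openssl dgst -sha256 -sign "$WORK/signer.key" -out "$2" "$1"
}

# Recipient side: read the name the certificate was issued to.
signer_subject() {
  openssl x509 -in "$WORK/signer.crt" -noout -subject
}

# Recipient side: take the public key from the certificate and check the
# signature against the document. Succeeds only if the document is unchanged.
verify_doc() {  # $1 = document, $2 = signature file
  openssl x509 -in "$WORK/signer.crt" -noout -pubkey > "$WORK/signer.pub" &&
    openssl dgst -sha256 -verify "$WORK/signer.pub" -signature "$2" "$1" \
      >/dev/null 2>&1
}

make_signer
printf 'Amendment to the employment contract (constructed sample)\n' \
  > "$WORK/contract.txt"
sign_doc "$WORK/contract.txt" "$WORK/contract.sig"

# Any later change to the signed data must be detectable.
sed 's/Amendment/Termination/' "$WORK/contract.txt" > "$WORK/tampered.txt"

echo "signer:   $(signer_subject)"
verify_doc "$WORK/contract.txt" "$WORK/contract.sig" && echo "original: valid"
verify_doc "$WORK/tampered.txt" "$WORK/contract.sig" || echo "tampered: rejected"
```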

How do you create a qualified electronic signature?

To create a qualified electronic signature, a signature card is required that is provided with a unique, forgery-proof electronic certificate. The certificate must be issued by a recognised certification service (Trust Service Provider) that covers the security requirements of the eIDAS Regulation.

The certification service generates a secure signature creation device that the trust service provider can control remotely. This prevents tampering with the qualified electronic signature, which could otherwise be carried out on readers and the like.


What do you need to create a qualified electronic signature?

To create a qualified electronic signature, the signature card of a certification provider (see above), a suitable card reader and digital signing software are required.

Here is an overview of the steps in the QES process:

  • Select a suitable certification service.

  • Register there.

  • Organise the necessary hardware and software.

      • Card reader

      • Signature card

      • Software for qualified electronic signature

  • Add a digital signature to your document.

  • Identify yourself uniquely so that a qualified certificate can be issued.

According to the definition in the eIDAS Regulation, cloud-based signatures can also meet the requirements for a qualified signature. In this case, no signature card is required.

The certificates are stored on a server and the qualified electronic signature can be managed remotely by a qualified certification service on behalf of the signer.


How much does qualified electronic signature equipment cost?

For a card reader, signature card and certificate for a qualified electronic signature valid for three years, you normally pay between £100 and £130 (€120 and €160).

When would HR need a qualified electronic signature?

For a busy HR team, you would likely need the help of a qualified electronic signature in some of the following cases:

  • Acknowledgments of receipt

  • Term agreements

  • Amendments and supplements to the employment contract with double written form clause

Although the qualified electronic signature is the most secure form of e-signature, it always requires personal identification when first implemented. Subsequently, two-factor authentication is required, for example, by means of a signature card.

The question of which type of signature is relevant for you must therefore be weighed up according to the legal requirements and the specific use case.
